Skip to content

Sync base-images v1.3.2, Go 1.26.5, lib-helm 1.72.9#733

Open
duckhawk wants to merge 3 commits into
mainfrom
chore/sync-tooling-1.3.2-lib-1.72.9-202607090633
Open

Sync base-images v1.3.2, Go 1.26.5, lib-helm 1.72.9#733
duckhawk wants to merge 3 commits into
mainfrom
chore/sync-tooling-1.3.2-lib-1.72.9-202607090633

Conversation

@duckhawk

@duckhawk duckhawk commented Jul 9, 2026

Copy link
Copy Markdown
Member

Description

Automated tooling sync for sds-replicated-volume (scheduled sync_storage_modules_tooling.py).

  • BASE_IMAGES_VERSION: v1.1.10v1.3.2 in .github/workflows/*.yml.
  • Go: set go 1.26.5 in 10 go.mod file(s) under api/, images/ and hooks/ (aligned with default golang image from base_images.yml).
  • lib-helm: replace chart bundle with deckhouse_lib_helm-1.72.9.tgz (previous: 1.72.4).

Why do we need it, and what problem does it solve?

Keeps the module aligned with the latest deckhouse/container-base/base-images release and deckhouse/lib-helm
so CI and image builds use current base image digests, Go toolchain version, and Helm library charts.

What is the expected result?

  • Pipelines resolve BASE_IMAGES_VERSION to the new (or current) tag and download matching base_images.yml.
  • Go code under api/, images/ and hooks/ declares the same Go version as the default golang toolchain in base_images.yml.
  • charts/ contains the current deckhouse_lib_helm-*.tgz when an update was required.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

builder and others added 2 commits July 9, 2026 09:33
- BASE_IMAGES_VERSION -> v1.3.2
- go directive in api/, images/ and hooks/ -> 1.26.5 (10 go.mod)
- charts/deckhouse_lib_helm-1.72.9.tgz
- go.work: bump go directive to 1.26.5 to match the module go.mod bumps, so
  the workspace loads (fixes Go modules version / tests / linter / coverage).
- linstor-server image: the Alt python3 RPM dep generator now emits requires
  for stdlib modules the new python3 does not provide, and rpm -ihv leaves the
  rpmdb inconsistent. Disable auto-requires (AutoReq: no) for python-linstor and
  linstor-client, and build linstor-client with --nodeps (deps are apt-installed).

Signed-off-by: v.oleynikov <vasily.oleynikov@flant.com>
@duckhawk duckhawk force-pushed the chore/sync-tooling-1.3.2-lib-1.72.9-202607090633 branch from 136bed1 to 6aa15e2 Compare July 9, 2026 12:58
Bump x/net v0.55.0, x/sys v0.45.0, x/crypto v0.52.0, grpc v1.79.3,
protobuf v1.36.10, runc v1.3.6, glog v1.2.4, moby/spdystream v0.5.1 across the
shipped Go modules (api, hooks/go, images/*, lib/go/*) and sync go.work.sum.
Add a VEX statement for GO-2026-5932 (x/crypto/openpgp) in webhooks: openpgp is
not imported (go mod why) and x/crypto ships no release without it, so it is
not_affected / vulnerable_code_not_in_execute_path.

Signed-off-by: v.oleynikov <vasily.oleynikov@flant.com>
@duckhawk duckhawk force-pushed the chore/sync-tooling-1.3.2-lib-1.72.9-202607090633 branch 2 times, most recently from fa50b9d to 2351d0d Compare July 9, 2026 14:08
duckhawk added a commit that referenced this pull request Jul 12, 2026
…or webhooks

Ported from #733 (scheduled sync_storage_modules_tooling.py) to make the
build pass on the actualized base-images catalog:
- go 1.26.5 across api/, hooks/, images/*, lib/* go.mod (+ go.sum, go.work)
- lib-helm chart 1.72.4 -> 1.72.9
- images/linstor-server/werf.inc.yaml: AutoReq:no + rpmbuild --nodeps for the
  Alt python3 stdlib auto-requires / rpmdb regressions on v1.3.x

The base-images bump itself is already v1.3.4 in the workflows (kept as-is,
not reverted to #733's v1.3.2).

VEX: #733 adds images/webhooks/known_vulnerabilities.vex, so wire
"vex mitigation" into images/webhooks/werf.inc.yaml too (linstor-server
include re-added after the werf.inc.yaml merge).

Signed-off-by: v.oleynikov <vasily.oleynikov@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant